Strengthen your Zero Trust posture—a new, unified approach to security is here
Elevate your security with unified visibility, investigation, and response across the cyberattack chain with an industry-leading extended detection and response (XDR) solution.
Microsoft is named a leader in the 2024, Q2 Forrester Extended Detection and Response Wave
Supercharge your SecOps effectiveness with XDR
Get incident-level visibility across the cyberattack chain with Microsoft Defender XDR (formerly Microsoft 365 Defender). Take your SOC team to the next level with automatic disruption of advanced cyberattacks and accelerated response across endpoints and IoT, hybrid identities, email and collaboration tools, software as a service (SaaS) applications, cloud workloads, and data.
Endpoints
Discover and secure endpoint and network devices across your multiplatform enterprise.
Identities
Manage and secure hybrid identities and simplify employee, partner, and customer access.
SaaS apps
Get visibility, control data, and detect cyberthreats across cloud services and apps.
Email and collaboration tools
Protect your email and collaboration tools from advanced cyberthreats, such as phishing and business email compromise.
Microsoft Defender XDR key capabilities
Unify security with XDR.
Automatically disrupt advanced cyberattacks at machine speed
Stop lateral movement of advanced cyberattacks, such as ransomware, with AI to limit a cyberattacker’s progress early on, and give your SOC team full control to investigate and remediate cyberthreats.
Enable rapid response with XDR-prioritized incidents
Remediate cyberthreats quickly and eliminate the need to sift through random information. Get a complete view of the cyberattack chain and prioritized investigation and response at the incident level.
Reinvent SOC productivity with Microsoft Copilot for Security
Respond to cyberthreats at machine speed and scale with guided response actions, enable any analyst to build complex queries using natural language, and reverse engineer and understand adversarial scripts in seconds. Copilot is now embedded in Microsoft Defender XDR.
Auto-heal affected assets
Reduce your workload with automated self-healing of menial tasks, such as device cleanup. Build your own automated response to recurring alerts in your environment using custom detection combined with Kusto Query Language (KQL) queries.
Proactively hunt for cyberthreats
Hunt for cyberthreats across all workloads and uncover potential blind spots in your environment with a guided, step-by-step experience. Create custom queries to locate information across all XDR data.
Manage multitenant environments more effectively
Multitenant support in Microsoft Defender XDR streamlines incident management and cyberthreat hunting across multiple tenants with a consolidated view of incidents, device inventory, vulnerability management, and advanced hunting.
See Copilot in Microsoft Defender XDR
Watch how Copilot helps you investigate and complete complex tasks such as cyberthreat hunting, reverse-engineering malware, and incident reporting.
Microsoft 365 E5, A5, F5, and G5 customers can save on Microsoft Sentinel
Unified security operations platform
Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).
Unified portal
Detect and disrupt cyberthreats in near real time and streamline investigation and response.
See what’s new in cyberthreat protection and AI
Discover the latest trends and best practices in cyberthreat protection and AI for cybersecurity with our library of webcasts, e-books, and analyst reports.
Industry recognition
Microsoft Security is a recognized industry leader.
Forrester XDR Wave
Microsoft Defender is named a Leader in The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021. [1][2]
Leader in MITRE ATT&CK
Microsoft Defender XDR (formerly Microsoft 365 Defender) demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations. [3]
What our customers are saying
“Having a strong security posture focused on protecting physical security and the security of devices, identities, and data is critical to company stability and were key components to a successful defense against cyberattacks.”
- Eric McKinney, Enterprise Infrastructure Director, G&J Pepsi-Cola Bottlers
The Total Economic Impact™ Of Microsoft Defender XDR (formerly Microsoft 365 Defender)
A 2022 study found a return on investment of 242% over three years and a net present value of $17 million with Microsoft 365 Defender. [4]
Related products
Use best-in-class Microsoft security products to prevent and detect cyberattacks across your Microsoft 365 workloads.
Microsoft Defender for Endpoint
Deliver preventive protection, post-breach detection, automated investigation, and response for endpoints.
Microsoft Defender for Identity
Manage and secure hybrid identities and simplify employee, partner, and customer access.
Microsoft Defender for Office 365
Help secure your email, documents, and collaboration tools with Microsoft Defender for Office 365.
Microsoft Defender for Cloud Apps
Get visibility, control data, and detect cyberthreats across cloud services and apps.
Microsoft Defender for IoT
Get real-time asset discovery, vulnerability management, and cyberthreat protection for your Internet of Things (IoT) and operational technologies (OT) infrastructure.
Microsoft Defender Vulnerability Management
Bridge the gap between teams with a single place to discover, prioritize, and remediate vulnerabilities and misconfigurations.
Documentation and training for Microsoft Defender XDR
Overview
Microsoft Defender XDR infographic
Get an overview of how XDR helps stop cyberattacks and coordinates responses across assets.
Licensing
Understand your plan options
Get an overview of all plans that include Microsoft Defender XDR capabilities.
Blog
Microsoft Defender XDR Blog
Learn best practices, get updates, and engage with product teams in the Microsoft Defender XDR tech community.
Pilot
Evaluate and pilot Microsoft Defender XDR
Use technical guidance to get started and pilot Microsoft Defender XDR.
Protect everything
Make your future more secure. Explore your security options today.
Frequently asked questions
-
Microsoft Defender XDR (formerly Microsoft 365 Defender) is an industry-leading XDR platform. It delivers a unified investigation and response experience and provides native protection across endpoints, IoT devices, hybrid identities, email and collaboration tools, and cloud applications with centralized visibility, powerful analytics, and automatic cyberattack disruption.
Gain a broader set of protections with Microsoft Defender XDR, including email security and identity and access management as critical preventative solutions. Benefit from auto-healing capabilities for common issues and scale your security operations center (SOC) team with XDR-automated disruption to help protect against advanced cyberattacks more effectively, while safeguarding business continuity.
-
Microsoft Defender XDR is an XDR platform that provides security across your multiplatform endpoints, hybrid identities, emails, collaboration tools, and cloud apps. It uses incident-level visibility across the cyberattack chain, automatic cyberattack disruption, and unified security and access management to accelerate responses to sophisticated cyberattacks. Microsoft Sentinel complements these capabilities with SIEM and security orchestration, automation, and response (SOAR) capabilities to ingest logs from your entire digital estate—providing further automation, response, and cyberthreat tracking across systems.
-
Microsoft Defender XDR is the unified portal experience encompassing various security solutions. Access the Microsoft Defender XDR portal and XDR features with any of these licenses:
- Microsoft 365 E5 or A5
- Microsoft 365 E3
- Microsoft 365 E3 with the Microsoft Enterprise Mobility + Security E5 add-on
- Microsoft 365 A3 with the Microsoft 365 A5 security add-on
- Microsoft Enterprise Mobility + Security E5 or A5
- Microsoft Defender for Endpoint (Plan 1 and 2)
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Office 365 (Plans 1 and 2)
- Microsoft Defender Vulnerability Management
For more information, see the Microsoft 365 Enterprise service plans.
-
Microsoft Defender XDR provides a unified XDR experience for the following products: Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender Vulnerability Management.
- [1] Forrester, Forrester New Wave, Forrester Wave, and The Total Economic Impact are trademarks of Forrester Research, Inc.
- [2] The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021, Allie Mellen, October 2021.
- [3] MITRE Engenuity ATT&CK® Evaluations: Enterprise, Wizard Spider + Sandworm Enterprise Evaluation 2023, The MITRE Corporation and MITRE Engenuity.
- [4] The Total Economic Impact™ Of Microsoft Defender XDR (formerly Microsoft 365 Defender), a commissioned study conducted by Forrester Consulting, April 2022.